Description
Archive_Tar through 1.4.10 sanitizes `://` in filenames only to block phar attacks, so any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
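The gap described above, shown as an added example (not Archive_Tar's own code): a check that refuses only `phar://` next to a stricter pre-extraction check that refuses any `scheme://` name. The function names and sample entry names are hypothetical, and the stricter check goes beyond the page by also rejecting absolute paths and `..` segments.

```php
<?php
declare(strict_types=1);

// Weak pattern (illustrative only, not the library's source): only phar:// is refused.
function pharOnlyCheck(string $name): bool
{
    return stripos($name, 'phar://') !== 0;
}

// Stricter check for an archive entry name before it is used as a write target.
function isSafeEntryName(string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // Any "://" in the name is treated as a stream-wrapper reference, whatever the scheme.
    if (strpos($name, '://') !== false) {
        return false;
    }
    $normalized = str_replace('\\', '/', $name);
    // Absolute POSIX path or Windows drive letter.
    if ($normalized[0] === '/' || preg_match('/^[A-Za-z]:/', $normalized) === 1) {
        return false;
    }
    // Parent-directory traversal out of the extraction directory.
    foreach (explode('/', $normalized) as $segment) {
        if ($segment === '..') {
            return false;
        }
    }
    return true;
}

// Constructed sample entry names, not taken from a real archive.
$samples = [
    'docs/readme.txt',
    'phar://archive.phar/x',
    'file:///tmp/constructed-target.txt',
    'FILE:///tmp/constructed-target.txt',
    '../outside.txt',
];

foreach ($samples as $name) {
    printf("%-38s phar-only=%-6s strict=%s\n", $name,
        pharOnlyCheck($name) ? 'allow' : 'reject',
        isSafeEntryName($name) ? 'allow' : 'reject');
}
```

Only the first sample passes the strict check, while the phar-only check lets both `file://` names and the traversal name through.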
Remediation
References